MAL-2026-4762
Malicious code in pgrayy-wasmtime (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e)

The distribution is published as `pgrayy-wasmtime` but its `top_level.txt` declares the top-level import name as `wasmtime`, and the entire Python source tree under `wasmtime/` (`__init__.py`, `_ffi.py`, `_bindings.py`, `component/*`) is a verbatim copy of the official Bytecode Alliance `wasmtime-py` distribution, complete with upstream metadata (`Author-email: The Wasmtime Project Developers <hello@bytecodealliance.org>`, `Homepage: github.com/bytecodealliance/wasmtime-py`). Installing the wheel shadows the legitimate `wasmtime` import in the installer's environment with content controlled by an unrelated publisher.

The wheel additionally ships a single 31.8 MB prebuilt native library `wasmtime/darwin-aarch64/_libwasmtime.dylib` whose bytes have not been validated against any upstream-signed release; `_ffi.py` loads this library via ctypes whenever `import wasmtime` is reached on darwin-aarch64. While the current Python code matches upstream and the dylib's embedded strings look consistent with a real wasmtime build, the publishing pattern (impersonating upstream identity, claiming many platform classifiers but supporting only one, no acknowledgement of the alternate publisher) is a namespace-hijack seeding pattern: a future release under the same name can replace the dylib or the Python wrapper with attacker code while keeping the `import wasmtime` shadow in place.
Affected packages
No fixed version published yet for pgrayy-wasmtime (pip). Pin to a known-safe version or switch to an alternative.